Solved

how to remove newfolder.exe, Bimat.exe and IEXPLORER.exe

Posted on 2009-05-05
Last Modified: 2013-11-05
Hi Friends,

I am facing a lot of problems with the infection of our network by newfolder.exe, Bimat.exe and IEXPLORER.exe. I am using the Combofix and SDFix tools to clean it, and that works perfectly, but the users get the same problem again after 1 or 2 days. Maybe this is happening because of the network, and I can't clean the network within one or two days because we have more than 100 PCs. We are using Kaspersky and ESET Nod32 Antivirus only, so is there any tool that will remove it from the network, or any anti-spyware or other software that will help and protect our network? An acceptable answer from anyone will be helpful to me.
0
Question by:cscdubai
4 Comments
 

Expert Comment

by:NaturaTek
ID: 24311489
CSC,

I feel your pain. If I were you, I would reinstall and make an image with Acronis. When users cause damage, just reimage them in 6 minutes and copy their data back on for WORST case scenarios.
If you have more than 100 PCs, this is ideal. It will save you lots of work down the road.

However, to clean up in your situation, I would first disable System Restore. Download CCleaner from ccleaner.com.
Download SUPERAntiSpyware (superantispyware.com) and Malwarebytes Anti-Malware (malwarebytes.org).

Boot into safe mode. Run CCleaner. The reason I do CCleaner first is because it will clean out all temp files, caches, etc., so you don't have to spend an extra hour or so scanning nonsense files.
Run Malwarebytes, do a full scan, remove all selected when done, and reboot in safe mode. Run SUPERAntiSpyware, do a full scan, remove all selected, and reboot in safe mode.

Download autoruns from Microsoft. Run it and see if you find any strange service/driver/app loading up that you know for sure it's not related to the OS or your environment. Delete them.

Boot normally and see if you are cleaned.

Combofix in safe mode is a last step in my book. ESET is good, so is Kaspersky, and many others. In my years of experience I find one antivirus finds something another won't. The same applies to antispyware programs.

Believe it or not, for a business environment I would stick with Kaspersky or Symantec Endpoint Protection, because it is very strict and configurable in network environments.

If you are using ESET 4.0, go into options and create yourself a bootable CD from there, so you can boot from the ESET CD and scan without even booting into Windows. Same with Kaspersky; I think they have that option as well now.

Of course, before running any scan, or creating a boot scan cd, be sure to update definition files to current date.

I do swear by a good antivirus used in combination with malwarebytes and superantispyware. I don't run them all together, I do run the last 2 as maintenance every week or two, or the moment a user did web browsing in the underworlds.

I would create policies to prohibit installation of rogue programs and create security in Internet Explorer preventing sites with keywords or designated sites. Of course if you guys have some network rackmount items, you can create rules to prohibit sites into your network.

It doesn't matter if you clean and clean; users will be users and will click on every dang thing on the web, and in a few days the computer will be infected all over again.

I do find Symantec Endpoint or ESET RUNNING alongside Malwarebytes in REAL TIME (this is a paid feature) to be VERY effective.

Best wishes
0
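
A read-only check to go with the Autoruns step in the answer above, as an added example that is not part of the original post or of any vendor's tool: it reports Run/RunOnce registry values and Startup-folder files whose file name matches the three names given in the question. The function names are hypothetical, and matching is by file name only.

```powershell
# Added example: flag autostart entries whose executable name matches the
# file names reported in the question. Matching is by file name only.
$SuspectNames = 'newfolder.exe', 'bimat.exe', 'iexplorer.exe'
$RunSubKeys   = 'Software\Microsoft\Windows\CurrentVersion\Run',
                'Software\Microsoft\Windows\CurrentVersion\RunOnce'

function Get-ExeName {
    param([string]$Launch)
    # Executable part of a launch string: a quoted path, else text up to ".exe".
    if     ($Launch -match '^\s*"([^"]+)"')    { $path = $Matches[1] }
    elseif ($Launch -match '^\s*(.+?\.exe)\b') { $path = $Matches[1] }
    else   { $path = ($Launch.Trim() -split '\s+')[0] }
    return @($path -split '[\\/]')[-1].ToLowerInvariant()
}

function Find-SuspectAutostart {
    # HKLM plus every user hive currently loaded under HKEY_USERS.
    $roots = @('Registry::HKEY_LOCAL_MACHINE') +
             @(Get-ChildItem 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
               ForEach-Object { "Registry::$($_.Name)" })
    foreach ($root in $roots) {
        foreach ($sub in $RunSubKeys) {
            $key = Get-Item -LiteralPath "$root\$sub" -ErrorAction SilentlyContinue
            if (-not $key) { continue }
            foreach ($name in $key.GetValueNames()) {
                $launch = [string]$key.GetValue($name)
                if ($SuspectNames -contains (Get-ExeName $launch)) {
                    [pscustomobject]@{ Computer = $env:COMPUTERNAME; Location = $key.Name
                                       Entry = $name; Launch = $launch }
                }
            }
        }
    }
    # Startup folders (current user and all users): files dropped under one of the names.
    foreach ($folder in 'Startup', 'CommonStartup') {
        $dir = [Environment]::GetFolderPath($folder)
        if (-not $dir -or -not (Test-Path -LiteralPath $dir)) { continue }
        Get-ChildItem -LiteralPath $dir -Force |
            Where-Object { $SuspectNames -contains $_.Name } |
            ForEach-Object {
                [pscustomobject]@{ Computer = $env:COMPUTERNAME; Location = $dir
                                   Entry = $_.Name; Launch = $_.FullName }
            }
    }
}

# Nothing is deleted; the output is a list of entries to review.
Find-SuspectAutostart
```

Saved as a script, it can be run across many PCs with PowerShell remoting, for example `Invoke-Command -ComputerName (Get-Content .\pcs.txt) -FilePath .\Find-SuspectAutostart.ps1`, where `pcs.txt` and the script file name are placeholders. Only user hives that are loaded at the time are checked, so per-user entries of logged-off accounts are not seen.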
 

Author Comment

by:cscdubai
ID: 24408984
But whatever comment you gave was really not helpful to me. I tried it, but it failed.
0
 

Expert Comment

by:NaturaTek
ID: 24409024
I don't know the level of your infection. If you tried Combofix and all else I posted above, then perhaps your system is infected with a certain rootkit, malware cloaked to a point where it might not even be worth it to repair.

If you did the scans above, please post the log of malwarebytes here, log of combofix here.
Download hijackthis http://download.cnet.com/Trend-Micro-HijackThis/3000-8022_4-10227353.html
And post the log here.

In the meantime, back up your important documents. Pull out your Windows XP CD and consider deleting your partition, recreating it and reinstalling Windows XP.
Leave your Windows XP CD in the CD-ROM drive; when you boot up, it should start from the CD. If not, go into the BIOS and set the CD-ROM to be 1st in the boot priority. The XP install will guide you through deleting your existing installation.

0
 

Accepted Solution

by:cscdubai
ID: 24730144
Now ESET Nod32 is detecting and cleaning these infections.
0
